On BitTorrent Sync security

This is not a professional assessment but a community effort to analyze a solution used by the public. This is a quick response to some critics on this Hackito Session results, this is not a commercial report.

I’m a big Sync fan, and part of why I was drawn to it was the peace of mind I found in “owning my cloud.” I contacted Kevin Fu of BitTorrent to get their response. I’m not a security expert by any stretch of the imagination, but the statement from Sync reflected my own reactions to some of the weak spots pointed out in the Hackito analysis.

In short, the scariest parts of the report (to me) focus on the security and exposure of folder hashes. However, these hashes aren’t private keys, they’re essentially just identifiers for a folder. You can’t be granted access without the secret key, and those are securely generated with options for one-time use, time limits, etc.. Looking over Hackitos analysis, it does appear that network addresses are leaked from local ports and through link.getsync.com which would offer attackers a target, but I’ll leave it up to commenters to help me figure out the level of danger there.

Update: I got a note from Sync regarding the network addresses:

The website link.getsync.com does not see, or know about any local IPs / ports. It only sees the public IP of the machine – that’s no different from any other web site on the Internet. The tracker is aware of local IPs and ports, but: (1) taking advantage of that is difficult since these IPs can only be accessed over the local network; and (2) to gain this knowledge, one has to guess a Folder Hash, which is a 160 bit number – it is impossible to do so.

Ultimately, the security of any peer-to-peer sync solution is in the hands of the user. I’ll be the first to admit that I don’t have enough security expertise to assess all of the potential dangers presented. I’m personally satisfied with the response from Sync for now. I’ll worry about my own network security first.

The official statement from BitTorrent Sync:

BitTorrent Sync remains the most secure and private way to to move data between two or more devices; and for good reason - we’ve built it that way. Rigorous third-party security audits have been conducted to verify the product’s security architecture, validated by the attached report.

But we take questions about Sync’s security very seriously. We’ve gone through the claims made by Hackito and after reviewing it in full, we do not feel there is any cause for concern.

To address the main points made in the study’s conclusion:

Folder hashes are not the folder key (secret) and are used to discover other peers with the same folder. The hashes cannot be used to obtain access to the folder; it is just a way to discover the IP addresses of devices with the same folder. Hashes also cannot be guessed; it is a 160 bit number, which means that it is cryptographically impossible to guess the hash of a specific folder.

Links make use of standard public key cryptography to enable direct and secure key exchange between peers. The link does not contain any folder encryption keys; it only contains the public keys of the machines involved in the exchange. The link itself cannot be used for decrypting the communication. After a direct connection is established (the user can verify that by comparing the certificate fingerprint for both peers) Sync will pass the folder key over an encrypted channel for the other peer. In addition, the public key and the folder hash appear after the # sign in the URL, which means that all modern browsers won’t even send this to the server. On top of that, a few additional features were implemented to further secure the key exchange using links, including (1) the links automatically expire within 3 days (set as default) and (2) explicit approval is required by the inviting peer before any key exchange takes place (also set as a default).

We host a tracker server for peer discovery; the tracker is only there to enable peers to find each other. It is not a part of the folder exchange. As mentioned earlier, the hashes cannot be used to obtain access to a folder.

Like with any other solution, the user needs to secure access to their machines using proper passwords, proper firewall configuration, and the like. Once an attacker has root access or physical access to the machine, it can modify any element of the attacked system. This is not an issue with Sync, but basic security protocol.

Sync security is completely dependent on client-side implementation. The public infrastructure is there to enable better connectivity and more user-friendly folder sharing experience. Compromising the public infrastructure cannot impact the security of Sync.

The findings of the security audit mentioned in the statement can be found here.